What is DMARC in email?

DMARC stands for Domain-based Message Authentication, Reporting, and Conformance, and it is an email authentication protocol. DMARC helps protect email users from forged email messages and lets email administrators manage messages that don't pass Sender Policy Framework (SPF) or DomainKeys Identified Mail (DKIM). It is a standard email authentication method that helps mail administrators prevent hackers and other attackers from spoofing their organization and domain. Spoofing is a type of attack in which the From address of an email message is forged, so that the spoofed message appears to come from the impersonated organization or domain. DMARC also lets email administrators request reports from email servers that receive messages from their organization or domain. These reports contain information that helps identify possible authentication issues and malicious activity for messages sent from the domain.

DMARC extends two existing email authentication mechanisms, SPF and DKIM. It allows the administrative owner of a domain to publish a policy in their DNS records that specifies how to check the From field presented to end users and how the receiver should deal with failures. DMARC policies are published in the public Domain Name System (DNS) as text (TXT) records, and they are available to everyone. DMARC policies enable email senders to specify how email checked with SPF or DKIM should be handled when it fails, and these senders can opt to have those emails sent to the junk folder or blocked altogether. In doing so, internet service providers (ISPs) can more effectively identify spammers and prevent malicious emails from landing in consumer inboxes. DMARC also allows ISPs to minimize false positives and provide better authentication reporting, vastly improving transparency in the email ecosystem.
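
As an added illustration (not from the original page), the Python sketch below parses a DMARC TXT record and works out what the domain owner asks a receiver to do with one message. The record, domains and function names are constructed; the `p`, `aspf`, `adkim` and `rua` tags come from RFC 7489, the organizational-domain rule is simplified to the last two labels, and the `sp` and `pct` tags are ignored.

```python
# Added example: evaluate one message against a published DMARC policy.
# RECORD is constructed; in DNS it would be the TXT record at _dmarc.example.com.
RECORD = "v=DMARC1; p=quarantine; adkim=s; rua=mailto:dmarc-reports@example.com"

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    # RFC 7489: v=DMARC1 must be the first tag and a policy (p=) must be present.
    if next(iter(tags.items()), None) != ("v", "DMARC1") or "p" not in tags:
        return None
    return tags

def org_domain(domain):
    # Assumption: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """mode 's' = strict (exact match); 'r' = relaxed (same organizational domain)."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def evaluate(record, from_domain, spf_pass_domain=None, dkim_pass_domains=()):
    """Return (dmarc_pass, requested_disposition) for one message.

    spf_pass_domain: envelope domain that passed SPF, or None if SPF failed.
    dkim_pass_domains: d= domains of DKIM signatures that verified.
    """
    tags = parse_dmarc(record)
    if tags is None:
        return (False, "none")  # no valid policy published, nothing is requested
    spf_ok = spf_pass_domain is not None and aligned(
        from_domain, spf_pass_domain, tags.get("aspf", "r"))
    dkim_ok = any(aligned(from_domain, d, tags.get("adkim", "r"))
                  for d in dkim_pass_domains)
    if spf_ok or dkim_ok:  # one aligned pass is enough for DMARC to pass
        return (True, "none")
    return (False, tags["p"].lower())  # none, quarantine (junk) or reject (block)

if __name__ == "__main__":
    # SPF passed for an unrelated domain, DKIM domain fails strict alignment.
    print(evaluate(RECORD, "example.com", "other.test", ["mail.example.com"]))
```

An SPF or DKIM pass only counts when the authenticated domain aligns with the From domain, which is why a message that passes SPF for an unrelated domain still fails DMARC here.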